CVSS: 7.8EPSS: 0%CPEs: 76EXPL: 0CVE-2019-14055
https://notcve.org/view.php?id=CVE-2019-14055
07 Feb 2020 — Possibility of use-after-free and double free because of not marking buffer as NULL after freeing can lead to dangling pointer access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8939, MSM8953, MSM8996AU, MSM8998, Nicob... • https://www.qualcomm.com/company/product-security/bulletins/february-2020-bulletin • CWE-415: Double Free CWE-416: Use After Free •
CVSS: 9.4EPSS: 0%CPEs: 96EXPL: 0CVE-2019-14057
https://notcve.org/view.php?id=CVE-2019-14057
07 Feb 2020 — Buffer Over read of codec private data while parsing an mkv file due to lack of check of buffer size before read in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QC... • https://www.qualcomm.com/company/product-security/bulletins/february-2020-bulletin • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 1%CPEs: 86EXPL: 1CVE-2019-14041
https://notcve.org/view.php?id=CVE-2019-14041
07 Feb 2020 — During listener modified response processing, a buffer overrun occurs due to lack of buffer size verification when updating message buffer with physical address information in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8953, MSM8996AU, Nicobar, QCM2150, QCS... • https://github.com/tamirzb/CVE-2019-14041 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 58EXPL: 0CVE-2019-14002
https://notcve.org/view.php?id=CVE-2019-14002
07 Feb 2020 — APKs without proper permission may bind to CallEnhancementService and can lead to unauthorized access to call status in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, Nicobar, QCA6574AU, QCS605, QM215, SA6155P, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SM6150, SM8150, SM8250, SXR2130 Los APK ... • https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 96EXPL: 0CVE-2019-10567
https://notcve.org/view.php?id=CVE-2019-10567
07 Feb 2020 — There is a way to deceive the GPU kernel driver into thinking there is room in the GPU ringbuffer and overwriting existing commands could allow unintended GPU opcodes to be executed in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, N... • https://www.qualcomm.com/company/product-security/bulletins/february-2020-bulletin •
CVSS: 10.0EPSS: 0%CPEs: 94EXPL: 0CVE-2019-10590
https://notcve.org/view.php?id=CVE-2019-10590
07 Feb 2020 — Out of bound access while parsing dts atom, which is non-standard as it does not have valid number of tracks in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS405... • https://www.qualcomm.com/company/product-security/bulletins/february-2020-bulletin • CWE-129: Improper Validation of Array Index •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2019-2267
https://notcve.org/view.php?id=CVE-2019-2267
21 Jan 2020 — Locked regions may be modified through other interfaces in secure boot loader image due to improper access control. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9205, QCS404, QCS605, SDA845, SDM670, SDM710, SDM845, SDM850, SM8150, SXR1130, SXR2130 Las regiones bloqueadas pueden ser modificadas por medio de otras interfaces en la imagen del cargador de arranque segur... • https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin •
CVSS: 7.8EPSS: 0%CPEs: 34EXPL: 0CVE-2019-14024
https://notcve.org/view.php?id=CVE-2019-14024
21 Jan 2020 — Possible stack-use-after-scope issue in NFC usecase for card emulation in Snapdragon Auto, Snapdragon Industrial IOT, Snapdragon Mobile in MSM8917, MSM8953, Nicobar, QM215, Rennell, SDM429, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR2130 Un posible problema de uso de la pila previo al alcance en NFC usecase para emulación de la tarjeta en los productos Snapdragon Auto, Snapdragon Industrial IOT, Snapdragon Mobile in MSM8917, MSM8953, Nicobar, QM215, Rennell, SDM429, S... • https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 54EXPL: 0CVE-2019-14034
https://notcve.org/view.php?id=CVE-2019-14034
21 Jan 2020 — Use after free while processing eeprom query as there is a chance to not unlock mutex after error occurs in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, MSM8909W, MSM8917, MSM8953, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 Un uso de la memoria p... • https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 92EXPL: 0CVE-2019-14017
https://notcve.org/view.php?id=CVE-2019-14017
21 Jan 2020 — Heap buffer overflow can occur while parsing invalid MKV clip which is not standard and have invalid vorbis codec data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM89... • https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin • CWE-787: Out-of-bounds Write •